Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Revc.6096

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:13.966425617Z	53	PC: 130da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:13.970746092Z	53	PC: 130da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:13.972290054Z	53	PC: 130da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:13.973803388Z	53	PC: 130da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:13.980881264Z	53	PC: 130da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:13.98243494Z	53	PC: 130da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:13.983736288Z	53	PC: 130da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:13.989477671Z	53	PC: 130da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:13.990764572Z	53	PC: 130da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:13.991850973Z	53	PC: 130da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:13.993508437Z	53	PC: 130da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:13.995267819Z	53	PC: 130da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:13.99642132Z	53	PC: 130da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:13.998462686Z	53	PC: 130da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:14.000373189Z	53	PC: 130da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:14.002339546Z	53	PC: 130da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:14.004284224Z	53	PC: 130da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:14.006550845Z	53	PC: 130da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:14.008529681Z	53	PC: 130da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:14.010147917Z	37	PC: 130ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:14.011892729Z	37	PC: 130f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:14.013233063Z	37	PC: 130ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:14.014545262Z	37	PC: 13107 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:14.017061309Z	68	PC: 13fb0 \| I/O control for devices (Set for = '@�þF�2��')
2018-12-17T22:43:14.018553981Z	25	PC: 13c82 \| Get default drive
2018-12-17T22:43:14.019631606Z	71	PC: 13c95 \| Get current directory
2018-12-17T22:43:14.023745112Z	48	PC: 13bf5 \| Get DOS version
2018-12-17T22:43:14.027538013Z	64	PC: 137ff \| Write file or device (Write 9 bytes on handle 1)
2018-12-17T22:43:14.030244556Z	25	PC: 13c82 \| Get default drive
2018-12-17T22:43:14.036994181Z	71	PC: 13c95 \| Get current directory
2018-12-17T22:43:14.040784277Z	25	PC: 13c82 \| Get default drive
2018-12-17T22:43:14.04292416Z	71	PC: 13c95 \| Get current directory
2018-12-17T22:43:14.047472455Z	14	PC: 13cdb \| Set default drive (Drive = 'C')
2018-12-17T22:43:14.049203648Z	25	PC: 13cdf \| Get default drive
2018-12-17T22:43:14.050669317Z	59	PC: 13d49 \| Change current directory
2018-12-17T22:43:14.055354805Z	26	PC: 12fb9 \| Set disk transfer address
2018-12-17T22:43:14.0567041Z	78	PC: 12fc5 \| Find first file
2018-12-17T22:43:14.062305833Z	26	PC: 12fb9 \| Set disk transfer address
2018-12-17T22:43:14.064743104Z	78	PC: 12fc5 \| Find first file
2018-12-17T22:43:14.070156815Z	26	PC: 12fdd \| Set disk transfer address
2018-12-17T22:43:14.071535473Z	79	PC: 12fe2 \| Find next file
2018-12-17T22:43:14.074429355Z	26	PC: 12fdd \| Set disk transfer address
2018-12-17T22:43:14.077198631Z	79	PC: 12fe2 \| Find next file
2018-12-17T22:43:14.080541212Z	59	PC: 13d49 \| Change current directory
2018-12-17T22:43:14.08662721Z	26	PC: 12fb9 \| Set disk transfer address
2018-12-17T22:43:14.092749002Z	78	PC: 12fc5 \| Find first file
2018-12-17T22:43:14.101325971Z	25	PC: 13c82 \| Get default drive
2018-12-17T22:43:14.102651944Z	71	PC: 13c95 \| Get current directory
2018-12-17T22:43:14.106729526Z	26	PC: 12fb9 \| Set disk transfer address
2018-12-17T22:43:14.107844842Z	78	PC: 12fc5 \| Find first file
2018-12-17T22:43:14.117331918Z	61	PC: 13aa7 \| Open file (Filename = 'A:\\EST.EXE')
2018-12-17T22:43:14.121863747Z	64	PC: 137ff \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:43:14.123863615Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:14.125399536Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:14.127798281Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:14.129513315Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:14.130675803Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:14.132690132Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:14.134135672Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:14.13553998Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:14.138476735Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:14.139695548Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:14.140870032Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:14.142951738Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:14.144057833Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:14.145223201Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:14.146871113Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:14.148190642Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:14.150014971Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:14.151279849Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:14.152547532Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:14.154934292Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.156742966Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.1595725Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.162075075Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.166127468Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.168600526Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.170937119Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.17295653Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.175827487Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.177769342Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.179783327Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.182742901Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.184710963Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.186676124Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.190486634Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.192420882Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.194451381Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.197386089Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.199287885Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.20124396Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.204007498Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.206120055Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.208282249Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.210949922Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.21344708Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.215678485Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.221051751Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.223118835Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.225655721Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.22831207Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.230821035Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.233310947Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.236541534Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:43:14.24144681Z	76	PC: 13270 \| Terminate with return code (Return code = '5')